-
-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Demo for Failed to execute 'atob' on 'Window': The string to be decoded is not correctly encoded. #22654
Conversation
While your changes make more sense regarding the error message, they don't explain why it was previously working and then just… stopped working? |
I was definitely experiencing something where the atob function appeared to be not present. I equally don't understand as to why this is all of a sudden required when it was not previously. |
ah I think I understand ... yup this should work! The decode function was missing that we're urlencoding the base64 and not de-urlencoding properly. |
Signed-off-by: Andrew Thornton <art27@cantab.net>
We need to change every decode to do the same thing. patchdiff --git a/web_src/js/features/user-auth-webauthn.js b/web_src/js/features/user-auth-webauthn.js
index f11a49864..ed210c843 100644
--- a/web_src/js/features/user-auth-webauthn.js
+++ b/web_src/js/features/user-auth-webauthn.js
@@ -14,9 +14,9 @@ export function initUserAuthWebAuthn() {
$.getJSON(`${appSubUrl}/user/webauthn/assertion`, {})
.done((makeAssertionOptions) => {
- makeAssertionOptions.publicKey.challenge = decode(makeAssertionOptions.publicKey.challenge);
+ makeAssertionOptions.publicKey.challenge = decodeURLEncodedBase64(makeAssertionOptions.publicKey.challenge);
for (let i = 0; i < makeAssertionOptions.publicKey.allowCredentials.length; i++) {
- makeAssertionOptions.publicKey.allowCredentials[i].id = decode(makeAssertionOptions.publicKey.allowCredentials[i].id);
+ makeAssertionOptions.publicKey.allowCredentials[i].id = decodeURLEncodedBase64(makeAssertionOptions.publicKey.allowCredentials[i].id);
}
navigator.credentials.get({
publicKey: makeAssertionOptions.publicKey
@@ -56,14 +56,14 @@ function verifyAssertion(assertedCredential) {
type: 'POST',
data: JSON.stringify({
id: assertedCredential.id,
- rawId: bufferEncode(rawId),
+ rawId: bufferURLEncodedBase64(rawId),
type: assertedCredential.type,
clientExtensionResults: assertedCredential.getClientExtensionResults(),
response: {
- authenticatorData: bufferEncode(authData),
- clientDataJSON: bufferEncode(clientDataJSON),
- signature: bufferEncode(sig),
- userHandle: bufferEncode(userHandle),
+ authenticatorData: bufferURLEncodedBase64(authData),
+ clientDataJSON: bufferURLEncodedBase64(clientDataJSON),
+ signature: bufferURLEncodedBase64(sig),
+ userHandle: bufferURLEncodedBase64(userHandle),
},
}),
contentType: 'application/json; charset=utf-8',
@@ -85,14 +85,21 @@ function verifyAssertion(assertedCredential) {
});
}
-// Encode an ArrayBuffer into a base64 string.
-function bufferEncode(value) {
+// Encode an ArrayBuffer into a URLEncoded base64 string.
+function bufferURLEncodedBase64(value) {
return encode(value)
.replace(/\+/g, '-')
.replace(/\//g, '_')
.replace(/=/g, '');
}
+// Dccode a URLEncoded base64 to an ArrayBuffer string.
+function decodeURLEncodedBase64(value) {
+ return decode(value
+ .replace(/_/g, '/')
+ .replace(/-/g, '+'));
+}
+
function webauthnRegistered(newCredential) {
const attestationObject = new Uint8Array(newCredential.response.attestationObject);
const clientDataJSON = new Uint8Array(newCredential.response.clientDataJSON);
@@ -104,11 +111,11 @@ function webauthnRegistered(newCredential) {
headers: {'X-Csrf-Token': csrfToken},
data: JSON.stringify({
id: newCredential.id,
- rawId: bufferEncode(rawId),
+ rawId: bufferURLEncodedBase64(rawId),
type: newCredential.type,
response: {
- attestationObject: bufferEncode(attestationObject),
- clientDataJSON: bufferEncode(clientDataJSON),
+ attestationObject: bufferURLEncodedBase64(attestationObject),
+ clientDataJSON: bufferURLEncodedBase64(clientDataJSON),
},
}),
dataType: 'json',
@@ -184,11 +191,11 @@ function webAuthnRegisterRequest() {
}).done((makeCredentialOptions) => {
$('#nickname').closest('div.field').removeClass('error');
- makeCredentialOptions.publicKey.challenge = decode(makeCredentialOptions.publicKey.challenge);
- makeCredentialOptions.publicKey.user.id = decode(makeCredentialOptions.publicKey.user.id);
+ makeCredentialOptions.publicKey.challenge = decodeURLEncodedBase64(makeCredentialOptions.publicKey.challenge);
+ makeCredentialOptions.publicKey.user.id = decodeURLEncodedBase64(makeCredentialOptions.publicKey.user.id);
if (makeCredentialOptions.publicKey.excludeCredentials) {
for (let i = 0; i < makeCredentialOptions.publicKey.excludeCredentials.length; i++) {
- makeCredentialOptions.publicKey.excludeCredentials[i].id = decode(makeCredentialOptions.publicKey.excludeCredentials[i].id);
+ makeCredentialOptions.publicKey.excludeCredentials[i].id = decodeURLEncodedBase64(makeCredentialOptions.publicKey.excludeCredentials[i].id);
}
}
|
Because maybe the upgraded webauthn (go lib) changed their Please see my previous comment: |
And it seems that only |
Before:
After: